9111LF
DEPARTMENT OF HOMELAND SECURITY
[Docket No.: CISA-2024-0011]
Agency Information Collection Activities: CISA Gateway User Registration
AGENCY: Cybersecurity and Infrastructure Security Agency (CISA), Department of
Homeland Security (DHS).
ACTION: 30-day notice and request for comments; renewal, 1670-0009.
SUMMARY: DHS CISA Infrastructure Security Division (ISD), will submit the
following information collection request (ICR) to the Office of Management and Budget
(OMB) for review and clearance. CISA previously published this information collection
request (ICR) in the Federal Register on April 24, 2024, for a 60-day public comment
period. No comments were received by CISA. The purpose of this notice is to allow an
additional 30 days for public comments.
DATES: Comments are encouraged and will be accepted until [INSERT DATE 30
DAYS AFTER DATE OF PUBLICATION IN THE FEDERAL REGISTER].
Submissions received after the deadline for receiving comments may not be considered.
ADDRESSES: Written comments and recommendations for the proposed information
collection should be sent within 30 days of publication of this notice to
www.reginfo.gov/public/do/PRAMain. Find this particular information collection by
selecting "Currently under 30-day Review - Open for Public Comments" or by using the
search function.
OMB is particularly interested in comments that:
1. Evaluate whether the proposed collection of information is necessary for the proper
performance of the functions of the agency, including whether the information will
have practical utility:
2. Evaluate the accuracy of the agency’s estimate of the burden of the proposed

collection of information, including the validity of the methodology and assumptions
used:
3. Enhance the quality, utility, and clarity of the information to be collected; and
4. Minimize the burden of the collection of information on those who are to respond,
including through the use of appropriate automated, electronic, mechanical, or other
technological collection techniques or other forms of information technology, e.g.,
permitting electronic submissions of responses.
FOR FURTHER INFORMATION CONTACT: Iesha Alexander, 202-440-0834,
Iesha.Alexander@CISA.DHS.GOV.
SUPPLEMENTARY INFORMATION: The Homeland Security Presidential
Directive-7, Presidential Policy Directive-22, and the National Infrastructure Protection
Plan highlight the need for a centrally managed repository of infrastructure attributes
capable of assessing risks and facilitating data sharing. The Critical Infrastructure
Information Act of 2002 and Title 6 Code of Federal Regulation part 29 direct an
information protection program and a system to record the receipt, acknowledgement,
and validation of submitted critical infrastructure information (CII), as well as storage,
dissemination, and destruction of original Protected Critical Infrastructure Information
(PCII). To support these missions, the DHS CISA ISD developed the CISA Gateway and
the Protected Critical Infrastructure Information Management System (PCIIMS). The
CISA Gateway and PCIIMS contain several capabilities which support the homeland
security mission in the area of critical infrastructure (CI) and information protection.
The purpose of this collection is to gather the details pertaining to the users of the
CISA Gateway and PCIIMS for the purpose of creating accounts to access the CISA
Gateway and PCIIMS. This information is also used to verify a need to know to access
the CISA Gateway and PCIIMS. After being vetted and granted access, users are
prompted and required to take an online training course upon first logging into the

system. After completing the training, users are permitted full access to the systems. In
addition, this collection will gather feedback from the users of the CISA Gateway to
determine any future system improvements.
The information gathered will be used by the CISA Gateway Program
Management Team and the PCII Program Office for PCIIMS to vet users for a need to
know and grant access to the system. For the CISA Gateway, as part of the registration
process, users are required to take a one-time online training course. When logging into
the system for the first time, the system prompts users to take the training courses. Users
cannot opt out of the training and are required to take the course in order to gain and
maintain access to the system. When users complete the training, the system
automatically logs that the training is complete and allows full access to the system. For
PCIIMS, after registration and vetting, users are directed to take PCII Authorized User
training, which must be retaken annually to maintain their active status.
The collection of information uses automated electronic forms. During the online
registration process, there is an electronic form used to create a user account and an
online training course required to grant access.
The collection was initially approved on October 9, 2007, and the most recent
approval was on December 19, 2023, with an expiration date of June 30, 2024. The
changes to the collection since the previous OMB approval include updating the title of
the collection, decrease in burden estimates and decrease in costs.
The total annual burden cost for the collection has changed by $3,096.40, from
$4,128 to $7,224.40 due to the removal of the utilization survey, and the addition of
PCIIMS respondents. For the CISA Gateway, the total number of responses has increased
from 350 to 700 due to the updated metrics resulting from the awareness campaign and
due to the registration process changing which does not include the training registration.
The annual government cost for this collection has changed by $8,340.92 from $5,723 to

$14,063.92 due to the removal of the utilization survey, and the addition of PCIIMS
respondents. This is a renewal of an information collection.
ANALYSIS:
Agency: Cybersecurity and Infrastructure Security Agency (CISA), Department of
Homeland Security (DHS).
Title of Collection: CISA Gateway User Registration.
OMB Control Number: 1670-0009.
Frequency: Annually.
Affected Public: State, local, Tribal, and Territorial governments and private sector
individuals.
Number of Annualized Respondents: 700.
Estimated Time Per Respondent: 0.167 hours for registration, 0.167 hours for training.
Total Annualized Burden Hours: 116.679 hours.
Total Annualized Respondent Opportunity Cost: $7,224.40.
Total Annualized Respondent Out-of-Pocket Cost: $0.
Total Annualized Government Cost: $14,063.92.

Robert J. Costello,
Chief Information Officer,
Department of Homeland Security,
Cybersecurity and Infrastructure Security Agency.
[FR Doc. 2024-14286 Filed: 6/27/2024 8:45 am; Publication Date: 6/28/2024]